Package "bluez-dbg"
Name: bluez-dbg
Description: Bluetooth tools and daemons (with debugging symbols)
Latest version: 5.37-0ubuntu5.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: bluez
Homepage: http://www.bluez.org
Changelog
bluez (5.37-0ubuntu5.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in parse_line function
    - debian/patches/CVE-2016-7837.patch: make sure we don't write past the
      end of the array in tools/csr.c.
    - CVE-2016-7837
  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-pre1.patch: use .accept and .disconnect
      instead of attio in profiles/input/hog.c, src/device.c, src/device.h.
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 08:39:08 -0400
CVE-2016-7837: Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
CVE-2020-0556: Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege an
No changelog available yet.